github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-10-21 20:08:54 +00:00
Code Issues Projects Releases Wiki Activity
Files
ba23758a423eda317458b4db0e5d943c63764042
kata-containers/tests/integration/kubernetes/k8s-confidential.bats
ChengyuZhu6 e8c4effc07 tests: refactor the check for hypervisor to a function 
Extract two reusable functions for confidential tests in confidential_common.sh

- check_hypervisor_for_confidential_tests: verifies if the input hypervisor supports confidential tests.
- confidential_setup: performs the common setup for confidential tests.

Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
Co-authored-by: stevenhorsman <steven@uk.ibm.com>
Co-authored-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Co-authored-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2024-03-19 18:06:00 +01:00

49 lines
1.8 KiB
Bash
Raw Blame History

#!/usr/bin/env bats
# Copyright 2022-2023 Advanced Micro Devices, Inc.
# Copyright 2023 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
load "${BATS_TEST_DIRNAME}/../../common.bash"
load "${BATS_TEST_DIRNAME}/confidential_common.sh"
load "${BATS_TEST_DIRNAME}/tests_common.sh"
setup() {
confidential_setup || skip "Test not supported for ${KATA_HYPERVISOR}."
setup_unencrypted_confidential_pod
}
@test "Test unencrypted confidential container launch success and verify that we are running in a secure enclave." {
[[ " ${SUPPORTED_NON_TEE_HYPERVISORS} " =~ " ${KATA_HYPERVISOR} " ]] && skip "Test not supported for ${KATA_HYPERVISOR}."
# Start the service/deployment/pod
kubectl apply -f "${pod_config_dir}/pod-confidential-unencrypted.yaml"
# Retrieve pod name, wait for it to come up, retrieve pod ip
pod_name=$(kubectl get pod -o wide | grep "confidential-unencrypted" | awk '{print $1;}')
# Check pod creation
kubectl wait --for=condition=Ready --timeout=$timeout pod "${pod_name}"
coco_enabled=""
for i in {1..6}; do
if ! pod_ip=$(kubectl get pod -o wide | grep "confidential-unencrypted" | awk '{print $6;}'); then
warn "Failed to get pod IP address."
else
info "Pod IP address: ${pod_ip}"
coco_enabled=$(ssh -i ${SSH_KEY_FILE} -o "StrictHostKeyChecking no" -o "PasswordAuthentication=no" root@${pod_ip} "$(get_remote_command_per_hypervisor)" 2> /dev/null) && break
warn "Failed to connect to pod."
fi
sleep 5
done
[ -z "$coco_enabled" ] && die "Confidential compute is expected but not enabled."
info "ssh client output: ${coco_enabled}"
}
teardown() {
check_hypervisor_for_confidential_tests ${KATA_HYPERVISOR} || skip "Test not supported for ${KATA_HYPERVISOR}."
kubectl describe "pod/${pod_name}" || true
kubectl delete -f "${pod_config_dir}/pod-confidential-unencrypted.yaml" || true
}
Reference in New Issue View Git Blame Copy Permalink